INFORMATION GATHERING

Hey guys how are you today we are going to discuss about information gathering. 

Information gathering is the first step of Ethical Hacking, where the penetration tester or even hackers gather information on their target victims. To increase your chances of a “successful” hacking.

Back to website hacking, there are three approaches that one can take when planning to perform a hack on a website/web app. These approaches include:-

Server-side Attack

Client-side Attack

Web Application Pen testing.

As mentioned earlier, every attack begins with information gathering. There is a couple of information that one can gather during the process. These include but are not limited to:

1] Victim IP addresses

2] Domain Name Information

3] Technologies used by the website/web applications

4] Other websites on the same server
DNS records

This information could help you perform a successful hack on a website/ web app.
In this article, I will be showing you how to use some tools to gather information about a target website/web app. We will start with:-

1. Whois Lookup (https://whois.domaintools.com/)

Whois is an online tool that helps one to lookup information of the target website/web app such as Domain name, IP address block or an autonomous system but it is also used to query for a wider range of information. The information that is provided in the Whois lookup is publicly available unless the website is using domain privacy.
How to use Whois Lookup
You can either visit the whois site here (https://whois.domaintools.com/) and type in the domain name of the target website then it’s going to give you the website information or you can type this on the terminal
whois <domain_name_of_target) 

2. Netcraft(https://netcraft.com)

If you are gathering in-depth information on the technologies used in a website/web app, you could use the following website: netcraft.com

That's all for today's guys hope you will understand it. And please don't forget to follow us on Instagram and GitHub and do like our content on Instagram:





Comments

Post a Comment

Popular posts from this blog

what is log4j vulnerability

                                On December 9th, 2021, the world was made aware of a new vulnerability identified as CVE-2021-44228, affecting the Java logging package log4j . This vulnerability earned a severity score of 10.0 (the most critical designation) and offers remote code trivial remote code execution on hosts engaging with software that utilizes this log4j version. This attack has been dubbed "Log4Shell" .   What is the Log4j Vulnerability: Log4j is an extremely popular Apache library used by millions of Java programs and applications. As a result, the actual number of internet-facing applications exposed to the Log4j vulnerability is almost impossible to quantify. Researchers have noted that the vulnerability is likely to impact products and services provided by tech giants such as Apple, Amazon, Steam, Tesla, and Twitter.  The Log4j exploit allows threat act...
Read more

Secure your system from Pegasus spyware

  in last article we have discuss about pegasus spyware now let us understand how you can protect your system from this kind of spywares. There are several means of securing your device from Pegasus, starting from developing good technology practices. Always update your operating system to the latest version. Apple and Google regularly release updates which include security patches for vulnerabilities and malware. Both Apple and Google have released fixes for Pegasus. Apple released a patched version of iOS (starting from iOS 9.3.5) and Google has put in place specific controls to mitigate Pegasus on most Android OS’s (starting April 2017). Pegasus spyware (as well as all sorts of other malware) infiltrates phones by way of the phone user clicking a link in a text message, email, Twitter post, or any other means. When receiving any message with a link, make sure you are familiar with the person sending the link and actually verify that the message along with the link is c...
Read more

Pegasus spyware

  Hello guys Pytools here back again with another Artical,  in this article we are going to discus about Pegasus spyware and how you can secure yourself from this kind of spywares.    so first let us understand                                                              what is spyware? Spyware is software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user. For example, by violating their privacy or endangering their device's security.                          In Short spyware spy on us and send our information to the attackers.                      ...
Read more